CVE-2021-30359 Vulnerability Details

  /     /     /  

CVE-2021-30359 Metadata Quick Info

CVE Published: 22/10/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: checkpoint | Vendor: n/a | Product: Check Point Harmony Browse and SandBlast Agent for Browsers
Status : PUBLISHED

---

CVE-2021-30359 Description

The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427: Uncontrolled Search Path Element
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).